Rapid7 Blog

Federal Friday - 9.13.13 - Apple's Touch ID Release

Welcome to another edition of Federal Friday! It's been a busy week around here with 2 FISMA presentations earlier in the week and the ongoing effort to close out FY13 on 9/30. Plus the world came to a technological halt this week with the usual fervor surrounding your typical Apple event that was held on 9/10.

This time the event centered on the upcoming iPhone release, which featured the announcement of Apple's fingerprint scanner, Touch ID. While there is a whiz-bang feeling around this feature, it might take a little while to be adopted in the commercial space. However, it should be of great interest to government organizations looking for a way to employ a higher level of authentication, and it could be an easy first step toward using 2FA throughout the agencies and contractors. The timing couldn't be better for the fed space, with NIST releasing FIPS 201-2, which updates the standards associated with Personal Identity Verification Cards (PIV Cards).

PIV Cards can now be used in a wide range of form factors, specifically for use with mobile devices. In addition, NIST had previously developed specifications regarding the use of biometric data on mobile devices (SP500-288). This will be highly effective even with agency-issued mobile devices. The PIV Card will continue to be the gold standard that the government and its contractors use for all forms of digital certificates, especially for signing and user authentication.

Apple has also provided specifics around data storage for the biometric information, including the fact that it is stored on the device itself and not in iCloud or on any other Apple server. They also revealed additional security measures that are in place to prevent an attacker from bypassing the fingerprint feature.

This isn't the first mobile device to ship with a fingerprinting feature: Motorola did something similar back in 2011, but it never took off. Apple seems to have the following, both federally and commercially, to open the biometric floodgates. With NIST being ahead of the policy curve on biometrics, and the recent blessing of iOS 6 by the DoD, this could lead to early adoption within the agencies.

To read more about the PIV credential changes head here, and for additional reading on the Apple Touch ID release head here.

If you missed out on the FISMA presentations this week do not fret, we save things like this and you can view them here and here.